Shared Management

Install and Configure Unified CCDM

For Cisco HCS Release 9.0, implement a dual-tier (distributed) system as shown in the following figure. This involves separating the web and application components (App/Web Server) of the Unified CCDM from the database server components.

At the conclusion of the installation, click OK at the prompt to enter and confirm the user password.

Step 8

At the Customize This Server section of the initial configuration tasks, select Enable Remote Desktops. Select the middle option: Allow connections from computers running any version of Remote Desktop.

Step 9

Open the Network and Sharing Center and select Local Area Connections.

Step 10

In the Network Settings dialog box, configure the network settings and the Domain Name System (DNS) data.

Select Properties. Then select Internet Protocol Version 4.

Select Properties again. Then select Use the following IP Address.

Enter the IP address, Subnet mask, and Default gateway.

Step 11

Run Service Pack 1 for Windows Server 2008 R2.

Step 12

Run MS Windows Update.

Once the MS update is done, click Do not enable automatic updates.

Configure Windows

Complete the following procedure to configure Windows on all the Unified CCDM servers.

Turn Off FIPS Compliance

Open theLocal Policies folder, and then click Security Options to view the list of policies.

Step 3

Ensure that you disable the Policy System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing.

Disable UAC

User Account Control (UAC) protects the operating system from malicious programs. When enabled, UAC may cause issues with the software used to install the Unified CCDM. Disable UAC on all servers before you install the Unified CCDM. Complete the following procedure to disable UAC.

Select Mixed Mode authentication and enter a password for the server administrators user.

In the Specify SQL Server administrators panel click Add Current User. Also, add any other accounts that require administrator permissions to the Database, for example, Domain Admins and Service Accounts.

Click Next.

Step 18

In the Error Reporting window, click Next.

Installation checks are performed in the Installation Configuration Rules page.

SQL Server Backup Guidelines

Install Unified CCDM Components on Side A and Side B

For dual-tier systems, perform a complete installation on the Side A servers, and then perform a complete installation on the Side B servers. After you verify the prerequisites of the installed software, install the Unified CCDM components in the following order:

Start Unified CCDM

If auto-run is enabled on the server, a window opens automatically showing a list of Unified CCDM components under Server Installation on the left-hand side.

If auto-run is disabled and you do not see the Installation Components screen, double-click the autorun.bat file located on the DVD to launch the Unified CCDM installer manually.

If UAC is not disabled, right-click autorun.bat file located on the DVD and select Run as administrator option to launch the installation manually.

Some anti-virus software may state that the autorun.hta script file is malicious. Ignore and continue with the installation.

What to Do Next

Install the Database Server component and App/Web Server components as described in the following sections. Make sure that the prerequisites are met before you perform these installations. For more information on the prerequisites, see Windows Feature Requirements for Unified CCDM.

Install Database Server

Complete the following procedure to install the Database server:

Procedure

Step 1

Choose the component Database server and click Install.

Step 2

Click Next.

Step 3

Select I accept the terms in the license agreement in the License agreement window.

Step 4

Enter the passphrase using 6 to 35 characters and confirm the same passphrase in the Cryptography Configuration window.

This passphrase is used for encrypting and decrypting system passwords and must be the same for all the servers in the cluster. The contents in the Confirm Passphrase must be identical to the passphrase entered above.

Step 5

Configure the following in the Configure Database:

Catalog Name — Enter a name for the database catalog that is used for Unified CCDM. It is recommended that you use the default name of Portal.

Connect Using — Select this option to use the login credentials to connect.

Windows authentication — Enter the credentials of application This is the recommended option.

SQL Server authentication — Enter the SQL Server Login ID and Password. Use this option only if you are using a database catalog on a different domain.

Step 6

In the Destination Folder window, you can click Change to change the location for the Database Server installation. It is not necessary to install all the Unified CCDM components to the same location.

Step 7

Select the following in Setup Type:

Complete - A complete installation of all the components. This is the preferred option for most installations.

Custom - Allows the user to select from a variety of options that may be installed to the system.

Note

Only advanced users should use the Custom option.

Step 8

Click Install.

Step 9

After the installation has completed, immediately to set up your database, check the Launch Database Management Utility check box. You can also set up your database manually at a later date.

Step 10

When the installation completes, click Finish.

Set up Database

If you selected the Launch CCDM Database Management Utility check box after installing the Database component, the database set up wizard launches automatically.

Enter the following details in the SQL Server Connection Details page:

Server Name The name defaults to the Database Server machine name. Accept the default (local).

Database Name Enter or select the name of the database catalog to use for Unified CCDM. It is recommended that you use the default name of Portal. This should match the database catalog name specified during Database Server installation.

Connect Using Select this option to use the login credentials to connect.

Windows authentication

Select this option to use the windows account information to log in to your computer. This is the recommended option.

SQL Server authentication

Select this option only if you are using a database catalog on a different domain. Enter your SQL Server Login Name and Password in the fields provided.

Step 4

Click Test Connection to make sure the connection to the SQL Server is established.

Step 5

Click Next.

Step 6

Choose Replicated Configuration if the installation is on the Side B server.

Step 7

Click Next.

Step 8

In the Setup Replication window, if this database installation is not side B of a replicated system, just click Next. If this database installation is side B of a replicated system, select Replicated Configuration and set up the replication folder share as follows:

Share Name The name of the share for the ReplData folder. By default this is ReplData.

Folder Path The path of the ReplData folder. This is configured in SQL Server, and is by default C:\Program Files\Microsoft SQL Server\MSSQL\repldata.

Click Next.

Step 9

If you are performing the Complete Installation, accept the default values in Configure the Location of Data Files.

Step 10

Click Next.

Step 11

In the Configure the Location of Data Files window, if you are not using a custom installation of SQL Server, accept the defaults and click Next. If you are using a custom installation of SQL Server, configure the data files as follows:

Select the check box or boxes beside the file group or file groups you want to change.

To change the Location, browse to the new location.

To change the Max Size, specify the amount of space that should be allocated for the chosen file group or file groups.

To specify a different Initial Size, first uncheck Set Initial Size to Max Size.

You can also choose an unlimited file size by selecting Unrestricted Size, but this is not supported.

Click Update to save your changes.

Click Default to restore the settings for all file groups to their default.

Click Next when you have finished.

Step 12

Configure the following in the Configure SQL Server Agent Service Identity page:

Account Type - The type of user account that will be used. For a distributed installation, this must be Domain.

User Name - Enter the name of the user account. Default value is portal_user. If you used a different name when setting up the account, enter that name instead.

Automatically create the user account if missing - For a single-sided single server system, it is possible to create a local user automatically by selecting this check box.

Password - Create a password for the new user, conforming to your individual system’s complexity requirements.

Confirm Password - You will not be able to continue until the contents of this field are identical to the password entered above.

Step 13

Click Next.

Step 14

In the Web Application Servers Network Service Configuration window, configure the following:

Domain - The network domain in which the web server is on, for example ACMEDOM.

Machine Name - The name of the machine, for example WEBSERVERA.

Click Add to add each Web Server to the list.

When all Web Servers have been added, click Next.

Step 15

In the Ready to install the Database window, click Next to begin installation.

Step 16

Click Close to close the installer.

What to Do Next

After you complete the installation, you must perform the following:

Disconnect the iso file.

Enable Auto-growth for the Portal Database.

Enable Auto-growth for the Portal Database

Before you install the App/Web Server, you must enable auto-growth for the portal database on both sides of Unified CCDM database servers.

Install the App/Web Server

Complete the following procedure to install the App/Web server component:

Procedure

Step 1

Choose the component App/Web server and click Install.

Step 2

Click Next.

Step 3

Select I accept the terms in the license agreement in the License agreement window.

Step 4

Enter the passphrase using 6 to 35 characters and confirm the same in the Cryptography Configuration window.

This passphrase is used for encrypting and decrypting system passwords and must be the same for all the servers in the cluster. The contents in the Confirm Passphrase must be identical to the passphrase entered above.

Step 5

Configure the following in the Configure Database:

SQLServer Name - Enter the database server machine name. The default of the local machine is valid only when installing on the Database Server.

Catalog Name - Enter or select the name you selected while installing the Database Server component. The default value is Portal.

Connect Using - Select the radio button of the login credentials you wish to apply.

Windows authentication - This is the recommended option.

SQL Server authentication - Select this option only if you are using a database catalog on a different domain. For this option you must enter your SQL Server Login Name and Password in the fields provided.

Step 6

In the Ready to Install the Program window click Install. When the installation completes, click Finish.

Your computer reboots for the changes to take affect.

What to Do Next

After you complete the installation, you must disconnect the iso file.

Replicate Database

For replicated systems, repeat this installation for side B. It is recommended that you complete the side A installation of all components before installing side B.

Configure Unified CCE for Unified CCDM Connectivity

Complete the following procedures to configure the cluster components to connect the Unified CCE to the Unified CCDM:

Configure Unified CCE Administrative Workstations for Unified CCDM

If you use SQL Server Authentication to connect Unified CCDM to Unified CCE, no configuration of the Administrative Workstation Database (AWDB) is required. If you do not use the SQL login, you must configure the AWDB to connect the Unified CCDM to Unified CCE.

Complete the following procedure to configure AWDB:

Procedure

Step 1

Sign in to the Cisco Unified CCE Database Server with local administrative privileges.

In the Login Name field, enter the name for the machine in the following format: <DOMAIN>\<Unified CCDM-HOSTNAME>$.

Choose Windows Authentication unless you are connecting to a server on another domain.

Click OK.

Step 7

Configure the User Mapping page as follows:

In the Users mapped to this login field, check AWDB.

In the Database role membership for field, check the following roles to grant to the AWDB login:

public

db_datareader

Step 8

Click OK.

Configure Unified CCE AWDB for Provisioning

For each Unified CCE instance that Unified CCDM Resource Management connects to, Unified CCE must meet the following criteria:

Unified CCDM Resource Management uses Cisco ConAPI for provisioning connections. This interface should have all the connections made to a primary distributor AW. If the AW is dual-sided, both the sides must be primary distributors.

Configure an Application Instance on each AW for Unified CCDM to connect to Unified CCE. For provisioning multimedia resources, configure the Application Instance with Application Type: <Other> instead of the standard Cisco Voice.

Click Add and configure the following in the Application Connection Details page:

ICM Distributor AW link - Enter the name of the Unified CCDM Database Server. This should be in all capital letters, with Server appended, for example, CCMPDBServer.

ICM Distributor AW RMI registry port - Enter the Unified CCE AW port number for the Unified CCDM provisioning service to connect to. This is usually 2099, however, if the Unified CCDM provisioning service connects to multiple Unified CCE, instances each instance should use a different port.

Application link - Enter the name of the Unified CCDM Database Server. This should be in all capital letters, with Client appended, for example, CCMPDBClient.

Preferably, this should be the same as for the ICM Distributor AW RMI registry port. Each Unified CCE AW must connect to a different port on the Database Server. You should record this information for future use.

Click OK twice to save your changes and to close the CMS control console.

Configure Unified CCDM Cluster

For the Unified CCDM to operate correctly, establish communications channels between the different Unified CCDM components so that each individual Unified CCDM component connects to the appropriate channels in the event of a failure.

Complete the procedures in the following order for Unified CCDM cluster configuration:

In Configure Redundancy select whether you would like to configure a single-sided or a dual-sided system and click Next.

Step 4

If you are performing a two-tier deployment, enter the number of web servers for each side. Enter the number of app/web servers for each side that you want to configure in your deployment. For dual-sided configurations, you must configure an equal number of app/web servers on each side of the system and click Next.

Step 5

In the Configure Core Servers page, configure the following:

Enter the name and IP address of the primary server.

Enter the name and IP address of the secondary server.

Note

For a dual-sided setup, the primary server and secondary server details should be the same.

In Select Unified CCE Instance, select the AW instance for the deployment and click Next.

Step 9

If you selected the option ConAPI Server (Provisioning) option in Step 4, enter the following details:

Local Registry Port - Enter the port number of the Unified CCE for the Unified CCDM Provisioning service to connect to. This is usually 2099.

Remote Registry Port - Enter the port number of the Unified CCDM Database Server for the Unified CCE to connect to. This is usually 2099.

Local Port - Select this as the designated port for live provisioning traffic between the Unified CCE and Unified CCDM servers. Assign a unique port for each Unified CCE. Configure the firewalls between the CICM and Unified CCDM server to allow two-way traffic on this port.

Using Default Import Location, all the resources imported from the source equipment are placed in the selected folder or tenant in Unified CCDM.

Using Remote Tenant Mapping, all of the resources associated with the selected remote owner on the equipment are placed in the selected folder or tenant in Unified CCDM.

Step 4

Click Save.

Configure Replication

In a dual-sided Unified CCDM deployment setup, use the SQL Server Replication to replicate Unified CCDM databases. Replication between these databases is set up and monitored using the Replication Manager application which is available in the Unified CCDM Integrated Configuration Environment (ICE). For more information on setup and monitoring, refer to Setup and Monitor.

Setup

The Setup option configures or disables SQL Server Replication for the Unified CCDM databases in a dual-sided environment.

Choose Setup tab to see the replication setup details and to configure or disable replication.

In the Unified CCDM Database Server Properties, the Server Name and Catalog Name for each are defaulted to the values used when the Unified CCDM servers were configured with the ICE Cluster Configuration tool.

In Distributor Properties, by default, the Distributor is created on the Unified CCDM Database Subscriber Server.

Click Configure to start the replication configuration process.

If SQL Server Replication is already configured, all of the controls are disabled except the Disable button. Click Disable to disable replication.

Monitor

The Monitor option monitors the general health of SQL Server Replication between Unified CCDM databases. The Monitor can also start or stop various replication agents. The Monitor option shows the details only if SQL Server Replication is currently configured.

The top-left pane shows the list of Publishers and Publications on each Publisher. If the Unified CCDM database is replicated, then the following publications are shown:

[Portal] Base

[Portal] NonQueued

Click Publications to see the subscriptions in the Subscriptions tab in top-right-hand pane. The Agents tab lists other agents like Snapshot Agent, LogReader Agent and Queue Reader Agent if available for the selected publication. The list of agents depends on the Publication being viewed.

Click listed subscriptions or agents to see their session details in the bottom left pane. This pane lists all the agent sessions in the last 24 hours. Click each session to see the actions performed during the session in the bottom-right pane. This pane also provides information about failures of agents.

To stop or start the various replication agents, right -click the agent and select Stop or Start in the shortcut menu.

Configure Single Sign-On

By default, users must log in to Unified CCDM every time they connect. You can optionally configure Unified CCDM to use Single Sign-On (SSO), which allows users to connect to Unified CCDM without logging in by linking their Unified CCDM user accounts with their Active Directory user accounts.

Note

Users cannot use SSO over a proxy connection. Setting up SSO disables any existing Unified CCDM users that are not in domain login format. You must set up new Unified CCDM user accounts for all existing users.

Administrator Account Setup

It is important to set up the new SSO administrator account is set up correctly, because the Unified CCDM administrator account is disabled when SSO is configured. Complete the following procedure to administrator account setup.

Procedure

Step 1

In the CCDM Web Server, choose Start -> All Programs -> Domain Manager -> Web -> Domain Manager to launch the Domain Manager and Log in as administrator. Log in to Unified CCDM as administrator.

Note

When you login for the first time, the administrator password will be blank, system prompts you to create password when you try to proceed with this blank password. Create your password and proceed.

Step 2

In User Manager, create a user account to be the new administrator account.

Note

For the login name, use the format <DOMAIN>\<your domain login>, for example, ACMEDOM\jsmith. The password should conform to the password security specified in System Settings.

Step 3

Click New User and choose Groups tab.

Step 4

Click Add to group.

Step 5

Check the check box of the Administrators group.

Step 6

Close and save.

Configure SSO Authentication for Unified CCDM

Complete the following procedure to configure SSO authentication for Unified CCDM.

Procedure

Step 1

From the location where you installed Unified CCDM Web/application server(usually C:\Program Files\Domain Manager), navigate to the \Application Server folder.

Manage Users with Single Sign-On

After you set up, assign all the Unified CCDM users with a Unified CCDM login in the format <DOMAIN>\<Windows domain login>. This implies that you must re-create the previously existing Unified CCDM user accounts in the new format before any users can log in.

Each time you give a new user a Unified CCDM account, you must also either give Read and Read & Execute properties on the Web directory, or you must add that user added to a user group that has those permissions.

Each new user must also add Unified CCDM to their list of trusted sites in Internet Explorer.

Upgrade Unified Communications Domain Manager

Complete the following steps to upgrade the Unified Communications Domain Manager.

Procedure

Step 1

Obtain the latest Platform upgrade and USM code.

Step 2

Use SFTP to access the Unified Communications Domain Manager using the username usmcli and the password usmcli.

Step 3

Upload the upgrade files to the usmcli home directory.

Step 4

Use SSH to access the Unified Communications Manager server using the username usmcli and the password usmcli.

Step 5

Enter the command enable to enter into enable mode.

Step 6

Enter the command software_upgrade for USM code upgrade.

Step 7

Enter the command platform_upgrade for Platform upgrade. After the Platform upgrade, you must reboot the server.

Install and Configure ASA Firewall and NAT

Cisco Adaptive Security Appliance (ASA) Firewall partitions a single ASA into multiple virtual devices that keeps customer traffic separate and secure, and also makes configuration easier. All customer traffic is first sent to the firewall before forwarding to the computer resources.